Hi guys...
I have a phpNuke 6.5 (with sec fix 3) and i've been hacked...
It seems that all the script kiddies have done is change all the news in my home page with this text:
H A C K E D!! BY - [ LunixO ]- --------------------- !Hi! --------------------- Testing your security system....0k --------------------- Hey admin!! Your security has broken by me. (SORRY!!) but you must parch your system. Admin you need any class of security on the computers... ---------------------------------------- Bi0s FucKed!! K hax0r k erz. Fillo d´ PutA!! Bi0s sorry because your mother suck me dick destrangis in the night. Bi0´s use ./xploit... lamah kaka. --------------------------- Greetz: Maure, MoOn, supn0rmal, arrow_maki, etc...- ---------------------------------------- I Love This Game -[No.LImIts]- ------------------------------ The Hack is p0waH -[Free Your Mind]- --------------------------------------
After searching here in nukecops i've found a post the recomends this in /modules/News/index.php:
if ($score != 1 AND $score != 2 AND $score != 3 AND $score != 4 AND $score != 5) {
Header("Location: index.php");
die();
}
Please download the security-fix 3 for phpnuke 6.5 in the downloads-area and do what they say! You will need to change the modules/news/index.php file as well as the mainfile.php !
I've fixed it, it's on the URL i posted on the second post, but now my mainfile.php removes all < > | and ) characters, so i cannot post anything with HTML becouse this chars are replaced by HTML codes.
Any other fix before i make a script that search and replaces all that codes???
Use the fixes suggested frogmans patch was just that (a bandaid) not a fix for the specific vulnerability.
KaTXi Nuke Soldier
Joined: Jul 02, 2003
Posts: 13
Posted:
Wed Jul 02, 2003 1:52 pm
Thanks, it's fixed on Sec fix 4, not 3, but it works.
Thanks a lot guys, you were a great help.
BTW: Every one update NOW. Hacking your home is way easy if you are not fixed.
KaTXi Nuke Soldier
Joined: Jul 02, 2003
Posts: 13
Posted:
Wed Jul 02, 2003 10:36 pm
Another tip for guys that want to upgrade to secfix 4:
Everything works great but search.php and viewtopic.php , which are broken, just follow fixchanges.txt for this two files.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
---------------------------------------- I Love This Game -[No.LImIts]- ------------------------------ The Hack is p0waH -[Free Your Mind]- --------------------------------------
